<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="generator" content="AsciiDoc 8.6.8" />
<link rel="Shortcut Icon" href="/images/favicon.ico" type="image/x-icon" />
<title></title>
<link rel="stylesheet" href="asciidoc-12.css" tppabs="http://old.peachfuzzer.com/v2/TutorialDumbFuzzing/asciidoc.css" type="text/css" />
<link rel="stylesheet" href="website-12.css" tppabs="http://old.peachfuzzer.com/v2/TutorialDumbFuzzing/website.css" type="text/css" />
</head>

<body>

<div id="layout-menu-box">
<div id="layout-menu">
  <div><a href="WhatIsPeach.html" tppabs="http://old.peachfuzzer.com/WhatIsPeach.html">What is Peach</a></div>
  <div><a href="Installation.html" tppabs="http://old.peachfuzzer.com/v3/Installation.html"><b>Installing</b></a></div>
  <div><a href="PeachQuickStart.html" tppabs="http://old.peachfuzzer.com/v3/PeachQuickStart.html"><b>Tutorials</b></a></div>
  <div><a href="Methodology.html" tppabs="http://old.peachfuzzer.com/Methodology.html">Methodology</a></div>
  <div><a href="Introduction.html" tppabs="http://old.peachfuzzer.com/Introduction.html">Introduction</a></div>
  <div><a href="Training.html" tppabs="http://old.peachfuzzer.com/Training.html">Training</a></div>
  <div><a href="javascript:if(confirm(%27http://www.dejavusecurity.com/peach.html  \n\nThis file was not retrieved by Teleport Ultra, because it is addressed on a domain or path outside the boundaries set for its Starting Address.  \n\nDo you want to open it from the server?%27))window.location=%27http://www.dejavusecurity.com/peach.html%27" tppabs="http://www.dejavusecurity.com/peach.html">Enterprise</a></div>
  <div><a href="FAQ.html" tppabs="http://old.peachfuzzer.com/v3/FAQ.html">FAQ</a></div>
  <div><a href="javascript:if(confirm(%27http://forums.peachfuzzer.com/forum.php  \n\nThis file was not retrieved by Teleport Ultra, because it is addressed on a domain or path outside the boundaries set for its Starting Address.  \n\nDo you want to open it from the server?%27))window.location=%27http://forums.peachfuzzer.com/forum.php%27" tppabs="http://forums.peachfuzzer.com/forum.php">Support Forums</a></div>

  <div><h5>Peach 3</h5></div>
  <div><img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="PeachPit.html" tppabs="http://old.peachfuzzer.com/v3/PeachPit.html">Peach Pits</a></div>
  <div>&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="GeneralConfiguration.html" tppabs="http://old.peachfuzzer.com/v3/GeneralConfiguration.html">General Conf</a></div>
  <div>&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="DataModeling.html" tppabs="http://old.peachfuzzer.com/v3/DataModeling.html">Data Modeling</a></div>
  <div>&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="StateModel.html" tppabs="http://old.peachfuzzer.com/v3/StateModel.html">State Modeling</a></div>
  <div>&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="AgentsMonitors.html" tppabs="http://old.peachfuzzer.com/v3/AgentsMonitors.html">Agents</a></div>
  <div>&nbsp;&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="AgentsMonitors.html" tppabs="http://old.peachfuzzer.com/v3/AgentsMonitors.html">Monitors</a></div>
  <div>&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="TestConfig.html" tppabs="http://old.peachfuzzer.com/v3/TestConfig.html">Test</a></div>
        <div>&nbsp;&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="Publisher.html" tppabs="http://old.peachfuzzer.com/v3/Publisher.html">Publishers</a></div>
  <div>&nbsp;&nbsp;<img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="Logger.html" tppabs="http://old.peachfuzzer.com/v3/Logger.html">Loggers</a></div>
  <!-- <div>&nbsp;<img src="/images/1.gif" /><a href="/v3/DebuggingPitFiles.html">Debugging Pits</a></div> -->
  <!-- <div>&nbsp;<img src="/images/1.gif" /><a href="/v3/ValidatingPitFiles.html">Validating Pits</a></div> -->
  <div><img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="RunningPeach.html" tppabs="http://old.peachfuzzer.com/v3/RunningPeach.html">Running</a></div>
  <!-- <div><img src="/images/1.gif" /><a href="/v3/ParallelPeach.html">Parallel</a></div> -->
  <!-- <div><img src="/images/1.gif" /><a href="/v3/ExtendingPeach.html">Extending</a></div> -->
  <div><img src="1.gif" tppabs="http://old.peachfuzzer.com/images/1.gif" /><a href="minset.html" tppabs="http://old.peachfuzzer.com/v3/minset.html">Minset</a></div>

  <div><h5><a href="peach23.html" tppabs="http://old.peachfuzzer.com/v2/peach23.html">Peach 2.3</a></h5></div>

  <div><hr/></div>

  <div><a href="License.html" tppabs="http://old.peachfuzzer.com/License.html">License</a></div>
</div>
</div>
<div id="layout-content-box">
<div id="layout-banner">
  <div id="layout-title">
    <a href="index.htm" tppabs="http://old.peachfuzzer.com/"><img src="peach_fuzzer.png" tppabs="http://old.peachfuzzer.com/images/peach_fuzzer.png" height="100" /></a>
    <a href="javascript:if(confirm(%27http://www.dejavusecurity.com/peach.html  \n\nThis file was not retrieved by Teleport Ultra, because it is addressed on a domain or path outside the boundaries set for its Starting Address.  \n\nDo you want to open it from the server?%27))window.location=%27http://www.dejavusecurity.com/peach.html%27" tppabs="http://www.dejavusecurity.com/peach.html" class="layout-inner-banner-right">
                <img height="50" src="dejavusecurity.png" tppabs="http://old.peachfuzzer.com/images/dejavusecurity.png" /></a>
  </div>

  <div id="layout-description">
  <script>
  (function() {
    var cx = '007028538774543840348:g-0dlrdlmxs';
    var gcse = document.createElement('script'); gcse.type = 'text/javascript'; gcse.async = true;
    gcse.src = (document.location.protocol == 'https:' ? 'https:' : 'http:') +
        '//www.google.com/cse/cse.js?cx=' + cx;
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(gcse, s);
  })();
</script>
<gcse:search></gcse:search>
      </div>
</div>
<div id="layout-content">
<div id="content">
<div class="paragraph"><p><a href="CreateStateModel-2.html" tppabs="http://old.peachfuzzer.com/v2/TutorialDumbFuzzing/CreateStateModel.html">&lt;&lt; Previouse</a> | <a href="TutorialDumbFuzzing-1.html" tppabs="http://old.peachfuzzer.com/v2/TutorialDumbFuzzing.html">Up</a> | <a href="AgentAndMonitor-2.html" tppabs="http://old.peachfuzzer.com/v2/TutorialDumbFuzzing/AgentAndMonitor.html">Next &gt;&gt;</a></p></div>
<hr />
<div class="sect1">
<h2 id="_configure_publisher">Configure Publisher</h2>
<div class="sectionbody">
<div class="paragraph"><p>The last thing we need todo before we can try out our nifty fuzzer is to configure two <a href="Publisher-1.html" tppabs="http://old.peachfuzzer.com/v2/Publisher.html">Publisher</a>s.  <a href="Publisher-1.html" tppabs="http://old.peachfuzzer.com/v2/Publisher.html">Publisher</a>s are I/O connectors that implement the plumbing between actions like <em>output</em>, <em>input</em>, and <em>call</em>.  For our file fuzzer we will use the <a href="Publisher-1.html" tppabs="http://old.peachfuzzer.com/v2/Publisher.html">Publisher</a> called FileWriter and Launcher.  These publisher will allow us to write out a file and then launch a process using the <em>call</em> action like we setup in last section.</p></div>
<div class="paragraph"><p>Configuring our publisher is easy, just locate the following XML near the bottom of the <code>png.xml</code> file, it will be a child of <a href="Test-1.html" tppabs="http://old.peachfuzzer.com/v2/Test.html">Test</a>.</p></div>
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><span style="font-style: italic"><span style="color: #9A1900">&lt;!-- TODO: Complete publisher --&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;Publisher</span></span> <span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span></tt></pre></div></div>
<div class="paragraph"><p>Now, this publisher takes a single parameter called <em>fileName</em> that will contain the file name of the fuzzed file.</p></div>
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><span style="font-weight: bold"><span style="color: #0000FF">&lt;Publisher</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"file"</span> <span style="color: #009900">class</span><span style="color: #990000">=</span><span style="color: #FF0000">"file.FileWriter"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"fileName"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"fuzzed.png"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;/Publisher&gt;</span></span></tt></pre></div></div>
<div class="paragraph"><p>Next we need to create a publisher to launch our program.  We will provide the full command line to mplayer including the file name of fuzzed file (fuzzed.png).  When our "call" action in the state model occurs it will trigger this program to get run.</p></div>
<div class="listingblock">
<div class="content"><!-- Generator: GNU source-highlight 3.1.7
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><span style="font-weight: bold"><span style="color: #0000FF">&lt;Publisher</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"launcher"</span> <span style="color: #009900">class</span><span style="color: #990000">=</span><span style="color: #FF0000">"process.Launcher"</span><span style="font-weight: bold"><span style="color: #0000FF">&gt;</span></span>
        <span style="font-weight: bold"><span style="color: #0000FF">&lt;Param</span></span> <span style="color: #009900">name</span><span style="color: #990000">=</span><span style="color: #FF0000">"Command"</span> <span style="color: #009900">value</span><span style="color: #990000">=</span><span style="color: #FF0000">"mplayer fuzzed.png"</span><span style="font-weight: bold"><span style="color: #0000FF">/&gt;</span></span>
<span style="font-weight: bold"><span style="color: #0000FF">&lt;/Publisher&gt;</span></span></tt></pre></div></div>
<div class="paragraph"><p>Now that we have the publisher configured we can test our fuzzer!</p></div>
</div>
</div>
<div class="sect1">
<h2 id="_testing_fuzzer">Testing Fuzzer</h2>
<div class="sectionbody">
<div class="paragraph"><p>Lets go ahead and run the fuzzer!  Open up a command window and navigate to the location of <code>png.xml</code>.  Now run the following command:</p></div>
<div class="listingblock">
<div class="content">
<pre><code>c:\png&gt;c:\peach\peach -t png.xml

] Peach 2.3.8 Runtime
] Copyright (c) Michael Eddington

File parsed with out errors.</code></pre>
</div></div>
<div class="paragraph"><p>Hopefully you got this output and no problems were found.  If a problem was found go back through the prior sections and try and identify the problem.</p></div>
</div>
</div>
<div class="sect1">
<h2 id="_running_fuzzer">Running Fuzzer</h2>
<div class="sectionbody">
<div class="paragraph"><p>Now lets actually kick off our fuzzer for real!</p></div>
<div class="listingblock">
<div class="content">
<pre><code>c:\png&gt;c:\peach\peach png.xml</code></pre>
</div></div>
</div>
</div>
<div class="sect1">
<h2 id="_whats_next">Whats Next?</h2>
<div class="sectionbody">
<div class="paragraph"><p>Okay, now that we have a running fuzzer we will need to configure a way to detect when our target crashes.  We will also want to collect some information like a stack trace to look at later on.  Head to the next section to learn how to configure an agent and monitor.</p></div>
<hr />
<div class="paragraph"><p><a href="CreateStateModel-2.html" tppabs="http://old.peachfuzzer.com/v2/TutorialDumbFuzzing/CreateStateModel.html">&lt;&lt; Previouse</a> | <a href="TutorialDumbFuzzing-1.html" tppabs="http://old.peachfuzzer.com/v2/TutorialDumbFuzzing.html">Up</a> | <a href="AgentAndMonitor-2.html" tppabs="http://old.peachfuzzer.com/v2/TutorialDumbFuzzing/AgentAndMonitor.html">Next &gt;&gt;</a></p></div>
</div>
</div>
</div>
<div id="footnotes"></div>
<div id="footer">
<div id="footer-text">

<table width="100%">
<td><td>
<a href="javascript:if(confirm(%27http://dejavusecurity.com/  \n\nThis file was not retrieved by Teleport Ultra, because it is addressed on a domain or path outside the boundaries set for its Starting Address.  \n\nDo you want to open it from the server?%27))window.location=%27http://dejavusecurity.com/%27" tppabs="http://dejavusecurity.com/"><img src="dejavusecurity.png" tppabs="http://old.peachfuzzer.com/images/dejavusecurity.png" height="50"/></a>
</td><td>&nbsp;&nbsp;&nbsp;</td><td>

Copyright (c) <a href="javascript:if(confirm(%27http://dejavusecurity.com/  \n\nThis file was not retrieved by Teleport Ultra, because it is addressed on a domain or path outside the boundaries set for its Starting Address.  \n\nDo you want to open it from the server?%27))window.location=%27http://dejavusecurity.com/%27" tppabs="http://dejavusecurity.com/">Deja vu Security</a> <br/>
Last updated 2014-02-23 21:20:27 PST
</td>
</table>

<script type="text/javascript">

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-1094513-10']);
  _gaq.push(['_trackPageview']);

  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www/') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

</script>
</div>
</div>
</div>
</div>
</body>
</html>
